Security Architecture Methodology for the Electric Sector, Version 2.0 (co-author)

At present, there is no common security architecture methodology used throughout the utility industry. Several architecture frameworks are available, and each includes unique terms and definitions. In general, these frameworks are intended for use in developing an enterprise architecture and not specifically a cyber security architecture.

Typically, an enterprise architecture does not address cyber security, specifically the overall attack surface, attack vectors, potential vulnerabilities, and applicable mitigation strategies. The challenge is to develop a security architecture methodology that augments, rather than replaces, current enterprise architecture methodologies and is at a level that is useful to utilities. This report includes the second version of a cyber security architecture methodology that may be used by utilities for existing and planned system architectures. This report applies the methodology to distribution and transmission substations and includes reference architectures for legacy, transition, and future/target configurations. A reference cyber security architecture may be used in evaluating the current system configuration and defining transition and target configurations.

Substation Attack Surface Analysis

Technical Report (co-author)

As utilities modernize the grid, they will need to assess the security architecture, identify potential vulnerabilities that may be exploited by an attacker, and determine appropriate mitigation strategies. This can be a difficult task without the use of a security architecture methodology.

The purpose of this document is to define a security architecture methodology that may be implemented throughout the electric sector by utilities of all sizes – large Investor Owned Utilities (IOUs), municipalities, and cooperatives. There are several architecture frameworks that are currently available, and each includes unique terms and definitions. In general, these frameworks are intended to be used to develop the enterprise architecture, and not specifically a security architecture. The frameworks that focus on security architectures typically do not include an approach for analyzing the attack surface and identifying attack vectors and potential vulnerabilities that may be exploited. The focus of this document is to present a standardized security architecture methodology that has been applied to transmission and distribution substations that includes an approach for analyzing the attack surface and reference architecture diagrams. This is the second version of this methodology. This document is a companion document to EPRI’s Substation Security Architecture Reference Diagrams, Version 1.0 (3002009519, December 2016).

Substation Security Architecture Reference Diagrams (co-author)

The nation’s power system consists of both legacy and next generation technologies. This includes devices that may be 30-50 years old, include no cyber security controls, and implement proprietary communication protocols and applications. Many of these legacy devices have significant computing and performance constraints that limit the cyber security controls that may be implemented.

By contrast, new technologies may include modern information technology (IT) devices with commercially available applications and communication protocols. The new operations technology (OT) devices may also include commercially available applications and communications functions. With this shift in technology, utilities are exploring methods to better address cyber security requirements. This encompasses prioritizing the systems, performing a cyber security risk assessment, and determining the impacts of a cyber security compromise. Such activities are all part of a cyber security strategy.

Another component of the cyber security strategy is the cyber security architecture. At present, utilities have enterprise architecture diagrams, but they have not typically developed their cyber security architecture. This technical update includes transmission and distribution substation cyber security architecture reference diagrams for legacy, transition, and future configurations. The update serves as a companion document to EPRI’s Substation Attack Surface Analysis (3002010417, December 2017)

Cyber Security Architecture Methodology for the Electric Sector, Version 1.0 (co-author)

For grid modernization, increased interconnection in electric sector devices is required, and this will result in a larger attack surface that may be exploited by potential adversaries such as nation-states, terrorist organizations, malicious contractors, and disgruntled employees. A security architecture methodology is an important tool in a utility’s cyber security risk management strategy and a reference cyber security architecture may be used to support utility situational awareness.

Typically, an enterprise architecture does not address cyber security – specifically, the overall attack surface, attack vectors, potential vulnerabilities, and applicable response strategies. The challenge is to develop a security architecture methodology that augments, rather than replaces, current enterprise architecture methodologies and is at a level that is useful to utilities. This report includes the first version of a cyber security architecture methodology that may be used by utilities for existing and planned system architectures. The objective is to provide a common methodology that may be used by utilities of all sizes, from large investor owned utilities to smaller cooperatives and municipalities.